This new onslaught of Locky emails makes it one of the largest malware campaigns 2017 has seen so far - at a time when researchers thought Locky was on its way out.
AppRiver security researchers discovered the mass mailing, which began around 7 am CST on August 28th. Perfect timing for unsuspecting users getting to work and checking their email.
The emails themselves didn't say much.
However, they each used one of these subjects: please print, documents, photo, images, scans, or pictures - so basic you can't help but wonder what it is.
After opening the message, victims received a ZIP file with a Visual Basic Script (VBS) inside of a second ZIP file. Upon clicking, the user's files would be encrypted, and a file named 'Lukitus' containing decryption instructions would appear on the desktop.
Unfortunately, the ransomware is currently demanding half a Bitcoin, which translates to $2,150 at the time of publication.
Most recently, we've seen Locky resurface somewhat, but with a new variation called 'Diablo6'.
Locky is seemingly one ransomware campaign that just won't die off. As tempting as mysterious photos are, never click an attachment you weren't expecting or one that comes from an unknown sender.
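A mail-gateway style check for the delivery chain described above (a VBS inside a ZIP inside a second ZIP), added here as an example and not taken from AppRiver or the original post: it walks nested archives and reports any script members. The extensions beyond `.vbs`, the depth and size limits, and the names `find_scripts` and `make_zip` are assumptions, and the sample archives are constructed.

```python
import io
import zipfile

# The page names VBS; the other extensions are an assumed generalization to
# script types that Windows runs on double-click.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
MAX_DEPTH = 3                    # assumed limit on archive nesting
MAX_MEMBER = 10 * 1024 * 1024    # assumed per-member read cap (zip bombs)


def find_scripts(data, depth=0, prefix=""):
    """Return paths of script files inside a ZIP, following nested ZIPs."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits                      # not an archive: nothing to report
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.filename.lower().endswith(SCRIPT_EXTS):
                hits.append(path)
                continue
            try:
                with zf.open(info) as fh:
                    inner = fh.read(MAX_MEMBER)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue                 # encrypted or unreadable member
            if zipfile.is_zipfile(io.BytesIO(inner)):
                if depth < MAX_DEPTH:
                    hits += find_scripts(inner, depth + 1, path + "/")
                else:
                    hits.append(path + " [nesting limit]")
    return hits


def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder text, not real campaign files.
INNER = make_zip({"scan_0828.vbs": b"' placeholder, does nothing"})
SAMPLE = make_zip({"scan_0828.zip": INNER})
BENIGN = make_zip({"notes.txt": b"meeting notes"})
```

A non-empty result from `find_scripts` is the signal to quarantine the attachment; an entry marked `[nesting limit]` means the archive was nested deeper than the scanner was willing to follow and deserves the same treatment.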